I am a new CISSP and my brand new job allows $3,000 on professional development. My brand new boss asked me to give him a list of conferences/seminars that I need to go to maintain my CISSP certification. What is the best conference besides ChicagoCon for security professionals? Is it BlackHat? The $3,000 budget includes registration, travel and hotel. I don't mind throw in a few hundred dollars too.I currently go to ChicagoCon Spring and Fall to get the minimum annual CPE, but soon I will need to get more to make sure I meet the three year accumulated CPE.

In addition to ChicagoCon, there are several other great events at a low cost like Defcon, Notacon (relatively close), Shmoocon, Toorcon. Check out our Calendar of Events. I try to keep it up to date as much as possible.

As for training, that budget makes it tough. I could get you into the Social Engineering Master Class for $2K, but other than that, you'll have to do some great negotiating with training companies out there. It can be done though. Tell them it's either this or nothing, chances are they'll take it and ask you not to tell anyone the deal you just got.

Wow! That's pretty cool, $3k for self development. All I got was "well done" Maybe I should show this thread to my manager and try some negotiation tactics

Don's got a good point, most IT companies are scaling back on training and I'm sure training companies are being affected by the current economy, I'm sure they'll be willing to negotiate a deal.

Maintaining CPE's isn't that hard, (ISC)2 has some videos available and you can claim 3 credits per webinar after completing the quiz: https://isc2.brighttalk.com/If you need some additional tips for CPE's let me know and I'll post some additional info.

I'm not familiar with the Chicago area, but I'm sure you have some educational institutions down there. Almost all of them have an ISC type group that meets on campus. You can likely get into one of those groups for free.

The money your company offers isn't bad, but the fact that it counts travel is a little stiff. I agree with Don that looking at the lower cost conventions is probably your best bet. Do you get paid time for being at the conventions when you go (or any type of compensation)? That's my hardest part. It seems like my company is all too ready to send me to training (of course they never let me know that I'm officially approved more than 2 days out). Seems though like the hardest part for me is getting compensated for time away from home...

Don: Do you remember how much it cost for Shmoocon? I got a few friends in DC and I don't think I will need to pay hotel there. Thank you for your offer on the social engineering class. I talked to my manager about it but he would rather me to learn how to use tools such as nmap, Nessus and etc. I will recommend the class to my coworkers. In the mean time, I need to catch up on the knowledge with the tools to be able to work with my teammates . I will definitely try your negotiation strategy and see if I can get some training class.

former33t: Maybe you should try to negotiate with your boss. I got the professional development budget and the time off in the offer package. I am very bad in negotiation, I preferred not negotiate. When they told me the base salary, I just said "OK". Then there was a long silence on the phone line. Only after that I realized they are expecting me to say something. But I don't know what to say. I think the salary is fair. When the HR called again about accepting the offer, I had my best friend (who works in HR) with me. She shushed me and tell me not to say anything. There was a long awkward silence on the phone and then my manager jumped in and offered the training money in addition to the standard HR education benefit. So I said I will need time to go to conferences and seminars, if I can get extra 5 days off in addition to the original offer, I would be very happy to accept the offer. That actually seals the deal.

Data_Raid: I am interested in finding out more ways to earn CPEs. Can you give me more ideas on getting CPEs? I know attending certain conference, group meeting, and e-seminar and write a book review on ISC2 will generate CPE points. What else I can do?

You can get CPEs for just about anything. You can read a book, watch a webcast, download a podcast, or my favorite, watch recorded videos from past cons. Schmoocon, Blackhat, Defcon, they all publish their videos a year later. Just download them and watch away.

You should log on to isc2 site and look through what you can claim. If you go to "Submit CPEs" and try to add one, you will get a drop down box with all acceptable categories.

enigma wrote:Data_Raid: I am interested in finding out more ways to earn CPEs. Can you give me more ideas on getting CPEs? I know attending certain conference, group meeting, and e-seminar and write a book review on ISC2 will generate CPE points. What else I can do?

Apologies for the late response.Ketchup is on the money and pretty much said what I was going to say Make sure that you keep a track of all the Podcasts/Webcasts as you might get audited and might have to supply proof of the Podcasts/Webcasts.Here's an article written by Don regarding CPE's: http://searchsecurity.techtarget.com/ge ... 2,00.html#